Now I'd like to do the updates---but as usual, that means I must connect to the Net with no firewall, run apt-get update, wait for it to finish, then apt-get a firewall (e.g. Firestarter) and its dependencies. That always seems like a long time to be connected with an unprotected system.

I guess I could create a dummy (non-root) account, do that stuff, then delete the account in case it was compromised... But maybe I'm being paranoid? (After all, it's not Windows.)

Finally, is there a reason the Kanotix install doesn't include a firewall, like the live CD? Wouldn't that be a lot easier? (More advanced users could uninstall it and do their own config, of course.)

notwithstanding the fact that I'm a total idiot, I haven't run a firewall for years until recently. (Firestarter) I don't think most evil-doers aim at linux, although like I say, I don't know that much. Never had a problem. So why am I even posting? I guess to show the opposite end of the paranoia spectrum.

"Now I'd like to do the updates---but as usual, that means I must connect to the Net with no firewall, run apt-get update, wait for it to finish, then apt-get a firewall (e.g. Firestarter) and its dependencies. That always seems like a long time to be connected with an unprotected system."

A long time? That reminds me of the horse**** being sold by my government to keep citizens in a state of fear so they can continue to shovel their propaganda down the throats of gullible citizens. Life is too short to live in a state of fear about anything. What's gonna happen is gonna happen, so it would be in the of best interest of everyone to just backhand the bogeyman & go fer it. Hey! that sounds like a song title to me...

I put firewalls in the same category as screensavers and mouse odometers: useless stuff. If you don't run a server you don't need a firewall; and if you serve files you have to forward the port to your firewall anyway, so what's the point?

Having said that, I do use a firewall in Windows. Not to block incoming packets, but to block OUTGOING ones, like shareware programs calling home to "check for updates" (free in Windows has a different meaning than free in Linux).

So, unless you run Windows, the answer to your question is probably yes.